CVE-2025-32977 — Vulnetix

Try Vulnetix Request Demo

CVE-2025-32977 PUBLISHED CVSS 9.600000381469727 CRITICAL

CVE-2025-32975 CVE-2025-32975 is an authentication bypass vulnerability that allows attackers to impersonate legitimate users without valid credentials. The vulnerability in the SSO authentication handling mechanism can lead to complete administrative takeover. CVE-2025-32976 A logic flaw exists in the two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability lies in the 2FA validation process and can be exploited to gain elevated access. CVE-2025-32977 CVE-2025-32977 allows unauthenticated users to upload backup files to the system. While signature validation is implemented, weaknesses in the validation process can be exploited to upload malicious backup content that could compromise system integrity. CVE-2025-32978 CVE-2025-32978 allows unauthenticated users to replace system licenses through a web interface intended for license renewal. Attackers can exploit this to replace valid licenses with expired or trial licenses, causing a denial of service. d for the template engine. In the case of RS, exploitation does not require authentication.

EPSS 0.09% · 25.7th percentile

Risk Scores

CVSS v3.1

9.600000381469727

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

EPSS Score

0.09%

25.7th percentile

Affected Products

Vendor	Product	Versions
Quest	Quest KACE SMA

Timeline

Jun 24, 2025 CVE Published
Jun 24, 2025 PoC Published
Jun 24, 2025 PoC Published
Jun 24, 2025 PoC Published
Jun 24, 2025 PoC Published
Jun 25, 2025 EPSS Score
Jun 25, 2025 PoC Published
Jun 30, 2025 PoC Published
Jul 4, 2025 EPSS Score
Jul 14, 2025 EPSS Score
Jul 23, 2025 EPSS Score
Aug 2, 2025 EPSS Score

References

Open in Interactive Console →